V1 mirrors do not mirror the index and those endpoints should
only be indexes.
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
Upstream-commit: 6b36a488e77c9d91c8eacb07053bff263bda04f3
Component: engine
If a registry mirror is using TLS, ensure that certs for it
are picked up from /etc/docker/certs.d
Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
Upstream-commit: cb57b256892b7d6c046cf28e45b9114f28f07aa3
Component: engine
Add a set of newly linted packages, and fix the script.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Upstream-commit: 7f02cc420ab068f129ec24f3c7514a838bddb1ce
Component: engine
The only uses of RequestAuthorization and its associated functions were
removed in 19515a7ad859b28c474d81e756ac245afcd968e3 ("Update graph to
use vendored distribution client for the v2 codepath")
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Upstream-commit: 962dc622d94a17a30a5926e8155da87a7e39e933
Component: engine
It was used only by integration tests, which now gone.
Signed-off-by: Alexander Morozov <lk4d4@docker.com>
Upstream-commit: 6ae377ffa0c106749db1bcd6cf158f8b0056dea8
Component: engine
Remove volume stubs and use the experimental path as the only path.
Signed-off-by: David Calavera <david.calavera@gmail.com>
Upstream-commit: c4d45b6a29a91f2fb5d7a51ac36572f2a9b295c6
Component: engine
Add golint to the Dockerfile, and a `validate-lint` task to the
Makefile. Currently, the linter will process a harcoded list of packages
that will expand as we fix more warnings. Eventually, the linter should
process all subpackages of the repo (excluding vendored code).
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
Upstream-commit: 6cce8d18384a5ae1212e7b0f7b7ac9662a89c8c1
Component: engine
Also addded a couple more tests
Updates #14756
Signed-off-by: Dave Tucker <dt@docker.com>
Upstream-commit: c5667bc5690d6004db4e515cef1865e093da7e3b
Component: engine
The automatic installation of AppArmor policies prevents the
management of custom, site-specific apparmor policies for the
default container profile. Furthermore, this change will allow
a future policy for the engine itself to be written without demanding
the engine be able to arbitrarily create and manage AppArmor policies.
- Add deb package suggests for apparmor.
- Ubuntu postinst use aa-status & fix policy path
- Add the policies to the debian packages.
- Add apparmor tests for writing proc files
Additional restrictions against modifying files in proc
are enforced by AppArmor. Ensure that AppArmor is preventing
access to these files, not simply Docker's configuration of proc.
- Remove /proc/k?mem from AA policy
The path to mem and kmem are in /dev, not /proc
and cannot be restricted successfully through AppArmor.
The device cgroup will need to be sufficient here.
- Load contrib/apparmor during integration tests
Note that this is somewhat dirty because we
cannot restore the host to its original configuration.
However, it should be noted that prior to this patch
series, the Docker daemon itself was loading apparmor
policy from within the tests, so this is no dirtier or
uglier than the status-quo.
Signed-off-by: Eric Windisch <eric@windisch.us>
Upstream-commit: 80d99236c1ef9d389dbaca73c1a949da16b56b42
Component: engine
- fully capitalize HTTP in HTTPHeaders
- comment for CONFIGFILE
- camelcase and privatize oldConfigfile, defaultIndexserver
- remove unused var errConfigFileMissing
- comments for methods and functions throughout
- external references to renamed variables changed
Signed-off-by: Morgan Bauer <mbauer@us.ibm.com>
Upstream-commit: dea49b7474f0efcefe4618b6133330f0bb5e2c84
Component: engine
